Wizcrafts - AbuseIPDB User Profile

JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

User Wizcrafts , the webmaster of wizcrafts.net, joined AbuseIPDB in October 2021 and has reported 27 IP addresses.

Standing (weight) is good.

INACTIVE USER WEBMASTER SUPPORTER

IP	Date	Comment	Categories
🇳🇱 45.142.193.140	27 Apr 2026	Dozens of simultaneous probes for zipfiles supposedly containing system backups and credentials. Her ... show more Dozens of simultaneous probes for zipfiles supposedly containing system backups and credentials. Here's just 3 out of hundreds: 45.142.193.140 [Sat Apr 25 07:47:59 2026] "GET /zcrftsw.zip" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0" 45.142.193.140 [Sat Apr 25 07:47:59 2026] "GET /zcrftsww.zip" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0" 45.142.193.140 [Sat Apr 25 07:47:59 2026] "GET /www.www.zip" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0" show less	Hacking Exploited Host
🇺🇸 192.111.137.35	22 Mar 2026	192.111.137.35 [Sun Mar 22 08:04:04 2026] "GET /images/logos/ani_logo1.gif;S:https:/www.energynewsce ... show more 192.111.137.35 [Sun Mar 22 08:04:04 2026] "GET /images/logos/ani_logo1.gif;S:https:/www.energynewscenter.com/%E0%B9%80%E0%B8%9C%E0%B8%A2%E0%B8%95%E0%B9%89%E0%B8%99%E0%B8%97%E0%B8%B8%E0%B8%99%E0%B8%84%E0%B9%88%E0%B8%B2%E0%B9%84%E0%B8%9F%E0%B8%A5%E0%B8%94%E0%B8%81%E0%B8%A7%E0%B9%88%E0%B8%B2-2/" show less	Hacking Exploited Host
🇫🇷 109.234.161.199	19 Dec 2025	Fake GoogleBot user agent. Made hundreds of attempts to find .tar.gz and similar backup files	Hacking Exploited Host Web App Attack
🇺🇸 162.241.62.140	12 Sep 2025	This ip address belongs to a Wordpress website in Mexico that has been compromised to host a phishin ... show more This ip address belongs to a Wordpress website in Mexico that has been compromised to host a phishing scam targeting Chase Bank customers. show less	Phishing Exploited Host
🇵🇱 2a03:cfc0:8000:26::c303:dd38	18 Aug 2025	Spoofed GoogleBot in fake user-agent. Attempted to run hostile JavaScript commands. Tripped my bot t ... show more Spoofed GoogleBot in fake user-agent. Attempted to run hostile JavaScript commands. Tripped my bot trap after first attempt. Continued attacking files for 1.5 minutes, while getting 403s. show less	Hacking Brute-Force
🇺🇸 181.214.107.48	23 Jun 2025	Huge attack looking for exploitable php files, admin logins, shell scripts, and cgi-bin contents. Al ... show more Huge attack looking for exploitable php files, admin logins, shell scripts, and cgi-bin contents. All blocked, but logged. Total attack time was 2 minutes 30 seconds! show less	Hacking Exploited Host
🇩🇪 88.214.25.160	30 Apr 2025	88.214.25.160 [Wed Apr 30 14:38:33 2025] "GET /+CSCOE+/logon.html"	Hacking Brute-Force Exploited Host
🇺🇸 192.185.209.118	28 Apr 2025	This domain is being used in a phishing scam sent via email, targeting AMEX customers. The payload l ... show more This domain is being used in a phishing scam sent via email, targeting AMEX customers. The payload login page in hosted on a compromised Brazilian Government server account. show less	Phishing Email Spam
🇮🇪 13.79.153.57	15 Apr 2025	Huge attack targeting non-existent WordPress and other CMS files.	Hacking Exploited Host Web App Attack
🇺🇸 172.200.234.99	31 Mar 2025	172.200.234.99 [Sun Mar 30 17:23:56 2025] "GET /wp-content/plugins/pwnd-1/pwnd.php	Hacking Exploited Host Web App Attack
🇨🇭 2001:1600:10:101::18b	01 Mar 2025	2001:1600:10:101::18b [Fri Feb 28 16:59:11 2025] "GET /shell20211028.php"	Hacking Exploited Host Web App Attack
🇬🇧 172.167.100.202	12 Feb 2025	172.167.100.202 - - [12/Feb/2025:14:48:40 -0600] "GET /.well-known/lv.php HTTP/2.0" 403 172.167.100 ... show more 172.167.100.202 - - [12/Feb/2025:14:48:40 -0600] "GET /.well-known/lv.php HTTP/2.0" 403 172.167.100.202 - - [12/Feb/2025:14:48:43 -0600] "GET /.well-known/dropdown.php HTTP/2.0" 403 172.167.100.202 - - [12/Feb/2025:14:48:44 -0600] "GET /.well-known/.well-known/cc.php HTTP/2.0" 403 172.167.100.202 - - [12/Feb/2025:14:48:44 -0600] "GET /.well-known/pki-validation/pwnd.php HTTP/2.0" 403 - 172.167.100.202 - - [12/Feb/2025:14:48:45 -0600] "GET /.well-known/index.php HTTP/2.0" 403 172.167.100.202 - - [12/Feb/2025:14:48:46 -0600] "GET /.well-known/pki-validation/muse.php HTTP/2.0" 403 172.167.100.202 - - [12/Feb/2025:14:48:48 -0600] "GET /.well-known/admin.php HTTP/2.0" 403 172.167.100.202 - - [12/Feb/2025:14:48:54 -0600] "GET /.well-known/pki-validation/xmrlpc.php HTTP/2.0" 403 show less	Hacking Bad Web Bot Exploited Host Web App Attack
🇫🇷 193.41.206.176	09 Feb 2025	193.41.206.176 [Sat Feb 8 16:17:01 2025] "GET /.env_example" Referer: "" Host: "x" "" 193.41.206.1 ... show more 193.41.206.176 [Sat Feb 8 16:17:01 2025] "GET /.env_example" Referer: "" Host: "x" "" 193.41.206.176 [Sat Feb 8 16:17:03 2025] "GET /core/.env" Referer: "" Host: "x" "" 193.41.206.176 [Sat Feb 8 16:17:07 2025] "GET /laravel/.env" Referer: "" Host: "x" "" 193.41.206.176 [Sat Feb 8 16:17:07 2025] "GET /laravel/.env" Referer: "" Host: "x" "" 193.41.206.176 [Sat Feb 8 16:17:09 2025] "GET /.aws/credentials" Referer: "" Host: "x" "" 193.41.206.176 [Sat Feb 8 16:17:10 2025] "GET /web/.env" Referer: "" Host: "x" "" 193.41.206.176 [Sat Feb 8 16:17:21 2025] "GET /admin/.env" Referer: "" Host: "x" "" 193.41.206.176 [Sat Feb 8 16:17:22 2025] "GET /application/.env" Referer: "" Host: "x" "" show less	Port Scan Hacking Exploited Host
🇺🇸 129.213.94.27	17 Jan 2025	Repeat offender, probing for dozens of hacked or vulnerable files typically used in Wordpress. All g ... show more Repeat offender, probing for dozens of hacked or vulnerable files typically used in Wordpress. All got my 403 page. Oracle Cloud again. 129.213.94.27 [Fri Jan 17 04:14:53 2025] "GET /alfanew.php" 129.213.94.27 [Fri Jan 17 04:15:15 2025] "GET /wsoyanz.php" 129.213.94.27 [Fri Jan 17 04:15:18 2025] "GET /adminfuns.php7" 129.213.94.27 [Fri Jan 17 04:15:22 2025] "GET /wp-admin/xmrlpc.php?p=" show less	Hacking Exploited Host
🇺🇸 89.187.164.172	09 Aug 2024	This ip address probed my server for about 50 commonly exploited files in a matter of seconds. One f ... show more This ip address probed my server for about 50 commonly exploited files in a matter of seconds. One file was "shell.php." I added them to my exploited servers blocklist. show less	Hacking Exploited Host
🇺🇸 129.146.108.138	19 Jun 2024	This attack targets a recently patched PHP vulnerability. The attacker was trying to upload a file t ... show more This attack targets a recently patched PHP vulnerability. The attacker was trying to upload a file to the server via this vulnerability. "GET /cgi-bin/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input" show less	Hacking Hacking Exploited Host Exploited Host
🇭🇰 81.0.246.233	30 Apr 2024	Attempted to GET /wp-includes/js/wp-emoji-release.min.js which is not on my server account	Hacking Exploited Host
🇳🇱 91.92.244.252	24 Mar 2024	This ip address has repeatedly searched for hacker's files on my non-WordPress static website. A typ ... show more This ip address has repeatedly searched for hacker's files on my non-WordPress static website. A typical search is for inputs.php, under various admin-level directories. show less	Hacking Exploited Host
🇺🇸 40.88.120.121	13 Mar 2024	This ip is closely related to others coming from Microsoft ranges. It was searching for hackers' fil ... show more This ip is closely related to others coming from Microsoft ranges. It was searching for hackers' files that include the word alfa, wso, and yanz. show less	Hacking Exploited Host
🇫🇷 92.205.107.222	12 Jun 2022	92.205.107.222 [Sun Jun 12 03:11:00 2022] "GET /admin/controller/extension/extension/alfacgiapi" Ref ... show more 92.205.107.222 [Sun Jun 12 03:11:00 2022] "GET /admin/controller/extension/extension/alfacgiapi" Referer: "www.bing.com" Host: "mail.rw-leatherworks.com" "wp_is_mobile" 92.205.107.222 [Sun Jun 12 03:16:09 2022] "GET /shells.php" Referer: "www.bing.com" Host: "mail.rw-leatherworks.com" "wp_is_mobile" 92.205.107.222 [Sun Jun 12 02:54:44 2022] "GET /gank.php.PhP" Referer: "www.bing.com" Host: "mail.rw-leatherworks.com" "wp_is_mobile" show less	Hacking Exploited Host
🇺🇸 167.99.120.2	31 Jan 2022	GET /c/version.js GET /stalker_portal/c/version.js GET /system_api.php	Hacking Web App Attack
🇩🇪 2a02:c206:2077:830::1	26 Jan 2022	"GET /wordpress/"	Web App Attack
🇺🇸 154.53.43.163	25 Jan 2022	"GET ///installer.php" "GET ///wp-admin/setup-config.php" "GET /wordpress/installer.php"	Web App Attack
🇺🇸 2600:1f16:84d:1800:fd46:26f4:e3e6:2061	15 Nov 2021	2600:1f16:84d:1800:fd46:26f4:e3e6:2061 [Sun Nov 14 19:24:32 2021] "GET /vfy7j.php" Referer: "bing.co ... show more 2600:1f16:84d:1800:fd46:26f4:e3e6:2061 [Sun Nov 14 19:24:32 2021] "GET /vfy7j.php" Referer: "bing.com" Host: "www.rw-leatherworks.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" 2600:1f16:84d:1800:fd46:26f4:e3e6:2061 [Sun Nov 14 19:24:32 2021] "GET /vfy7j.php" Referer: "bing.com" Host: "www.rw-leatherworks.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" 2600:1f16:84d:1800:fd46:26f4:e3e6:2061 [Sun Nov 14 19:24:33 2021] "GET /ykfudsnhes.php" Referer: "bing.com" Host: "www.rw-leatherworks.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" 2600:1f16:84d:1800:fd46:26f4:e3e6:2061 [Sun Nov 14 19:24:33 2021] "GET /vfy7j.php" Referer: "" Host: "www.rw-leatherworks.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" show less	Port Scan Hacking Exploited Host
🇳🇱 178.238.8.73	29 Oct 2021	The offender's IP address: 178.238.8.73 was logged and banned on Thu Oct 28 22:41:40 2021 This IP ... show more The offender's IP address: 178.238.8.73 was logged and banned on Thu Oct 28 22:41:40 2021 This IP got caught in my bad bot trap after trying to GET the non-existent file: shell.php. The intruder's user agent was: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 show less	Hacking